e9bf71417889000d041d292b38bd9cb734f30a3735b3c0327713889882a20b6b | Triage

Sharing

General

Target

4169ce4da3427d69c9ef81835671babf_JaffaCakes118
Size

253KB
Sample

241013-w6yteawckp
MD5

4169ce4da3427d69c9ef81835671babf
SHA1

73f21c318843b0f0bbb1ca3193d3ecb0e3c6da60
SHA256

e9bf71417889000d041d292b38bd9cb734f30a3735b3c0327713889882a20b6b
SHA512

72383591f0a844b35d21b94fa001340267a9c49a485c17a7dd19aeddd76df020ae9714302464c3e927ce5e74747e1401f06dd49c505e0704f478d76d2e2bd3e8
SSDEEP

6144:o68i3odBiTl2+TCU/7tkqxrqLckDhuhgT:TNodBiTI+Tp7DrVk1uC

Score

7^/10

discovery persistence

Malware Config

Targets

- Target
  
  4169ce4da3427d69c9ef81835671babf_JaffaCakes118
- Size
  
  253KB
- MD5
  
  4169ce4da3427d69c9ef81835671babf
- SHA1
  
  73f21c318843b0f0bbb1ca3193d3ecb0e3c6da60
- SHA256
  
  e9bf71417889000d041d292b38bd9cb734f30a3735b3c0327713889882a20b6b
- SHA512
  
  72383591f0a844b35d21b94fa001340267a9c49a485c17a7dd19aeddd76df020ae9714302464c3e927ce5e74747e1401f06dd49c505e0704f478d76d2e2bd3e8
- SSDEEP
  
  6144:o68i3odBiTl2+TCU/7tkqxrqLckDhuhgT:TNodBiTI+Tp7DrVk1uC
Score

7^/10

discovery persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistence

behavioral2

discoverypersistence